mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-21 20:47:08 -05:00
Merge pull request #1494 from sharelatex/spd-overleaf-v1-oauth-state
Use 'state' parameter to prefent CSRF attacks when authenticating with v1 GitOrigin-RevId: bf5f8ddffa391d8f3ca84d3588df906b08eb018d
This commit is contained in:
parent
ea807d053e
commit
c7f30bdfec
1 changed files with 1 additions and 0 deletions
|
@ -75,6 +75,7 @@ module.exports = AuthenticationController =
|
||||||
)(req, res, next)
|
)(req, res, next)
|
||||||
|
|
||||||
finishLogin: (user, req, res, next) ->
|
finishLogin: (user, req, res, next) ->
|
||||||
|
return res.redirect('/login') if user == false # OAuth2 'state' mismatch
|
||||||
redir = AuthenticationController._getRedirectFromSession(req) || "/project"
|
redir = AuthenticationController._getRedirectFromSession(req) || "/project"
|
||||||
AuthenticationController._loginAsyncHandlers(req, user)
|
AuthenticationController._loginAsyncHandlers(req, user)
|
||||||
AuthenticationController.afterLoginSessionSetup req, user, (err) ->
|
AuthenticationController.afterLoginSessionSetup req, user, (err) ->
|
||||||
|
|
Loading…
Reference in a new issue